Security News
Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app named "Oko VPN." The researchers later found the same library used by the LumiApps Android app monetization service.
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a rewritable SIM chip present on many recent smartphone models. Russian cybersecurity firm F.A.C.C.T. reports that SIM swappers in the country and worldwide have been taking advantage of this shift to eSIMs to hijack phone numbers and bypass protections to access bank accounts.
The latest version of the PixPirate banking trojan for Android employs a new method to hide on phones while remaining active, even if its dropper app has been removed. PixPirate is a new Android malware first documented by the Cleafy TIR team last month seen targeting Latin American banks.
A cursory scan of the major ransomware groups' leak blogs shows none of the big names are yet claiming responsibility for the attack on Leicester City Council. "Over the weekend we have continued to work with our cybersecurity and law enforcement partners, as well as learning from other councils who have had attacks, to identify the nature of the incident and the steps we need to take to get our systems back online," said Richard Sword, strategic director of city developments and neighborhoods at Leicester City Council.
First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. If you think it couldn't happen to you, think again.
End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers...
A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. To demonstrate the attack, the researchers carried out tests on nine top-selling wireless chargers available worldwide, highlighting gaps in the security of these products.
End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. "Our goal is to listen to your feedback, make adjustments, and ensure phone number privacy on Signal is easy and useful for everyone."
Meta has acknowledged that phone number reuse that allows takeovers of its accounts "Is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a matter for telecom companies to sort out. Users who abandon a number, and forget to update their new number, are therefore at risk of malicious account reset attempts by whoever gets access to their old numbers.
Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. As previously reported by BleepingComputer, after the January 2024 Google Play system updates came out, some owners of various Google Pixel models experienced internal storage access problems, the inability to open apps or the camera, or even take screenshots.